Warding off DDoS Attacks with Anti-DDoS — Part 1: Understanding Denial of Service
By Shantanu Kaushik
Struggling with DDoS Attacks? Get Free Support Now! Contact Us >>
Distributed Denial of Service (DDoS) is an attack that disrupts normal traffic to the server, network, or resource it targets. As the name suggests, it affects distributed computing architecture by affecting any particular system in this multiple-system-based architecture to overwhelm the resources. Exploited machines can be anything from servers, IoT devices, or network resources.
You can compare a DDoS attack with a traffic jam on a highway, except the road ahead is highly clogged, and vehicles cannot pass. Each compromised system increases the power of a DDoS attack and enables it to spread further. The attacker works to establish botnets to control as many devices as possible and hijack and clog the resources to deny service.
Identifying DDoS Attacks
Sluggish service is the main symptom of a DDoS attack. This could also happen from genuine traffic, but if you come across sudden spikes in traffic and slowdown of services, further investigation is required. Some of the identifying factors for a DDoS attack are listed below:
- Suspicious traffic spikes at odd hours during the day
- Single resource clog or single website page pings
- Similar user profiles generating massive traffic
- Single IP address range generating massive traffic
DDoS Attack Principles
Alibaba Cloud Anti-DDoS mitigates potential security threats by implementing smart algorithms to analyze genuine traffic surges and work against real DDoS attacks.
A DDoS attacker:
- Gains unauthorized access to a computer and installs the master DDoS program
- The DDoS agent program is installed on multiple computers
- The master program initiates an attack by commanding all agent programs
- Within seconds, all the agent programs are activated and start eating the network resources to deny service
An enterprise runs on business continuity. If you don’t deal with DDoS attacks immediately or use tools, such as Alibaba Cloud Anti-DDoS Pro, you are subject to these risks:
- Data Leaks
Business data and customer record leaks are a huge loss. There are legal challenges, and the business’ reputation takes a hit.
- Economic Loss
Denial of service due to a DDoS attack will hinder customer communication and stop customer access to business applications, which results in huge economic losses.
Types of DDoS Attacks
Application Layer Attack
Methods — HTTP GET, HTTP POST, and HTTP flood
Application layer attacks can mimic genuine user requests, making it hard to differentiate between an attack and genuine traffic. Services or website pages with larger resource consumption are more susceptible to DDoS attacks using HTTP flood attacks. These attacks are sent in high frequency and in larger amounts to seize the network, service, or page.
The image below depicts the standard operating procedure of an application layer DDoS attack:
Transport Layer DDoS Attacks
Methods — UDP flood, SYN flood, ACK flood, and RST flood
SYN floods are protocol attacks that are used for state-exhaustion. State exhaustion causes disruptions in service by consuming network or server resources. These resources could be server load balancers or cloud firewalls.
These types of DDoS attacks exploit any vulnerability in the TCP handshake. The victim server receives an illegitimate SYN packet. When the server tries to respond with an SYN-ACK, the ACK bounces. Attacker bots send out multiple SYN packets to flood the system. Since the server doesn’t get any response for the SYN-ACK, the resources get used up. As the SYN queue fills up, the server will cease to respond to any request it gets from any user, hence a denial of service.
Let’s take a look at the representation below:
Network Layer DDoS
Methods — Connection exhaustion attacks, LOIC and HOIC, SlowLoris, Low and Slow attacks, PyLoris, and XOIC
These attacks can induce a massive connection slowdown by exhausting the concurrent resources of the server being attacked. As soon as the upper limit of the connection request is reached, the server denies any new connection requests. This type of attack exploits the HTTP by requesting and forcing open connections that overload the network.
Packet and DNS DDoS Attacks
Methods — DNS request flood, Query Flood, Response flood, server attacks (local and authoritative)
Packet attacks occur when malformed IP packets are sent to the victim system. This could result in denial of service. When multiple attack bots place domain name query requests at the same time, it creates a DNS query flood, which results in a denial of service.
DDoS affects distributed systems by stressing one or more resources until the entire system becomes inoperable due to incomprehensible load situations. Alibaba Cloud has developed the Anti-DDoS service to mitigate and ward-off these kinds of attacks. Alibaba Cloud offers a unique integration experience throughout the entire lineup of products and solutions that include ECS, server load balancer, and Alibaba Cloud VPC. With these products and solutions, you can easily keep DDoS attacks at bay.
In this article, we focused on understanding how denial of service occurs in different scenarios. In the next article of this series, we will focus on using different Alibaba Cloud products to maintain a healthy system to mitigate DDoS attacks.
- Warding off DDoS Attacks with Anti-DDoS — Part 2: Mitigating Attacks
- Warding off DDoS Attacks with Anti-DDoS — Part 3: Alibaba Cloud Anti-DDoS
- Warding off DDoS Attacks with Anti-DDoS — Part 4: Global DDoS Collaborative Protection and GameShield